exploit the possibilities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-06-04

gpEasy CMS 4.0 Shell Upload
Posted Jun 4, 2013
Authored by CWH Underground

gpEasy CMS version 4.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 1f597b57af97e39381dbebcdfc39621a
VxWorks R5_0_31 Data Disclosure
Posted Jun 4, 2013
Authored by Russell Butturini

The 3Com NBX V3000 phone system firmware was found to have the VxWorks remote debug service enabled. This allows for remotely extracting the contents of device memory over the network. When parsing the contents of memory, it was discovered that the call logs for the system as well as URLs which linked to WAV files containing voice mails that were accessible.

tags | exploit, remote, info disclosure
MD5 | 0eefa790a17dcbc192442a4f391eecf8
Libsrtp srtp_protect/hmac_compute Buffer Overflow
Posted Jun 4, 2013
Authored by Fernando Russ | Site groundworkstech.com

There is a buffer overflow in libsrtp based on how the function crypto_policy_set_from_profile_for_rtp applies the cryptographic profiles srtp_profile_aes128_cm_sha1_32/srtp_profile_aes256_cm_sha1_32 to a srtp_policy, as shown by the source code of srtp/srtp.c.

tags | advisory, overflow
MD5 | 562e3ba8665eddd7bf120b93f20df584
Monkey 1.2.0 Buffer Overflow
Posted Jun 4, 2013
Authored by dougtko

Monkey HTTPD version 1.2.0 suffers from a buffer overflow vulnerability that may result in arbitrary code execution or denial of service.

tags | exploit, denial of service, overflow, arbitrary, code execution
advisories | CVE-2013-3843
MD5 | 9a944434f83c9c0a6ef17d8ed052c9e6
Cuppa CMS Remote / Local File Inclusion
Posted Jun 4, 2013
Authored by CWH Underground

Cuppa CMS suffers from remote and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | 7b18ed2a448a832d88bcac0be57cdbc1
CMS Gratis Indonesia PHP Code Injection
Posted Jun 4, 2013
Authored by CWH Underground

CMS Gratis Indonesia version 2.2 Beta 1 suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
MD5 | b6e493856de0696e4d0d5a56b5e4d682
aCMS 1.0 Shell Upload / Insufficient Authorization
Posted Jun 4, 2013
Authored by MustLive

aCMS version 1.0 suffers from authentication bypass and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | 6be3090901a2773910b1a5b74a621fa2
Dotclear 2.5 Cross Site Scripting
Posted Jun 4, 2013
Authored by Nikhalesh Singh Bhadoria

Dotclear version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | fa217a6bd85ed191dfb7e8c8c16bea64
Cisco Iframe Injection
Posted Jun 4, 2013
Authored by Vinesh Redkar

The newsroom.cisco.com site suffers from an iframe injection vulnerability.

tags | exploit
systems | cisco
MD5 | 410599767ad5010015ec6f106dbb4bea
SweetRice CMS 1.2.5 Cross Site Scripting
Posted Jun 4, 2013
Authored by Nikhalesh Singh Bhadoria

SweetRice CMS version 1.2.5 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 13862fbb7f2d29f2d8716703bd7fbb26
Generating Stable Privacy-Enhanced Addresses With IPv6
Posted Jun 4, 2013
Authored by Fernando Gont | Site ietf.org

This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware address (e.g., using IEEE identifiers), such that the benefits of stable addresses can be achieved without sacrificing the privacy of users. The method specified in this document applies to all prefixes a host may be employing, including link-local, global, and unique- local addresses.

Changes: Revision 9 of this document.
tags | paper, local
MD5 | ae070a249f63b43911cdd8f7fed8eded
Pixelpost 1.7.3 Cross Site Scripting
Posted Jun 4, 2013
Authored by Nikhalesh Singh Bhadoria

Pixelpost version 1.7.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f80aa1450236a9c92d0bb24f74fba5ab
PEStudio 3.69 Denial Of Service
Posted Jun 4, 2013
Authored by Debasish Mandal

PEStudio version 3.69 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 042a9b05ee62dee500be6c6d3d9adda5
Telaen 1.3.0 XSS / Open Redirection / Disclosure
Posted Jun 4, 2013
Authored by Manuel Garcia Cardenas | Site isecauditors.com

Telaen versions 1.3.0 and below suffer from cross site scripting, open redirection, and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
advisories | CVE-2013-2621, CVE-2013-2623, CVE-2013-2624
MD5 | 5d8f7bef930e6b0ddf12a1715d262f6d
SSLsplit 0.4.6
Posted Jun 4, 2013
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: This bugfix release fixes a bug in passthrough mode (-P) when no matching certificate is found for a connection (issue 9) and a bug in binding to ports less than 1024 with default settings (issue 8). Additionally, it works around a bug in OpenSSL 1.0.0k and 1.0.1e which caused a segmentation fault when loading certificates or keys.
tags | encryption
MD5 | 60612a7068dcddedafc6b0adc83f0c0b
PHD Help Desk 2.12 SQL Injection
Posted Jun 4, 2013
Authored by drone

PHD Help Desk version 2.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8a47292cb45d78061617db6d3fffe2f8
Access Road 0.7.3
Posted Jun 4, 2013
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.

Changes: This major release improves the management of the user identity, the modeling of the structural relations, and the communications between the simulated software.
tags | tool
systems | linux, unix
MD5 | 0f4de108b9f7d627b39a4a79a33e289d
Seowonintech Routers Remote Root File Dumper
Posted Jun 4, 2013
Authored by Todor Donev

This exploit dumps an arbitrary file from the filesystem with root level permissions on Seowonintech routers with firmware less than and equal to 2.3.9.

tags | exploit, arbitrary, root
MD5 | 882db10f89b958c7c4bfc4f1a67f6879
Page 1 of 1
Back1Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    10 Files
  • 23
    Apr 23rd
    22 Files
  • 24
    Apr 24th
    11 Files
  • 25
    Apr 25th
    15 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close